Possible Trackback Spam fix suggestion? (13 posts)

This was just a thought, but if each of us changed the file name of our wp-trackback.php file (and changed all references to said file to its new name in the WP-files), would that stop trackback spam? I'm guessing that the only way the spambots know that the URI for the trackback is the trackback URI, is because it has the word "trackback" in it. I am somewhat of a n00b when it comes to programming so I may be completely wrong here.

If this concept would work, perhaps we could see something in a future version of WP that would automate this process (at least partially). Just a thought, here.

If that wouldn't work, could we just hide the trackback URI inside a link tag? Again, I'm new to this side of things and am a little fuzzy on how spambots work. I look forward to any thoughts/flames.

"This was just a thought, but if each of us changed the file name of our wp-trackback.php file (and changed all references to said file to its new name in the WP-files), would that stop trackback spam?"

This is also used to stop comment spam. It can work (as the simplest method for a spam tool to throw you a trackback would be to know the file's name instead of having to trawl for trackback URLs), but only temporarily.

For those using custom permalinks, it would also require modifying the WordPress source, so WP knows the filename.

As for other tricks in hiding it, those would eventually be subjected to *the trawl*.

A good thing to keep in mind is that we may not stop spammers (short of strong comment registration, turning off trackbacks, and other stringent methods of shoring up), but we can keep ahead of them.

Then, if the process of changing the trackback link was automated inside of WP, couldn't it just be changed again? I'm just getting tired of having to delete the trackbacks from my moderation queue. Would be nice if we could at least have a way to comments/trackbacks with certain words in them or comments/trackbacks from certain IPs or authors instead of having them dump into moderation.

Well now it seems the spammers have moved to porn. Bloody fantastic. I actually had spam nailed with a platoon of different plugins and hacks with 1.21, now that I have upgraded to 1.5 it back and they have hit the throtle much harder this time.

Have we actually got ONE solution for this rubbish for 1.5. I know we have the black list and the other one that nukes posts with what ever keywords are in it. But enabling registers users may only post a comment does not work as I would think it would. One still has to clean out the moderation folder every day and now because of the volume, I have turned off email notification...

Perhaps using the Robots text file in the root of WP and disallowing them access to comments?? Dont know really but putting the comments.php file in its own folder, changing the address reference to it in the other pages and

"A good thing to keep in mind is that we may not stop spammers (short of strong comment registration, turning off trackbacks, and other stringent methods of shoring up), but we can keep ahead of them."

Commenters on my site must be members, and I've turned off pingbacks and trackbacks. But I still get spam on 1.5. Any ideas?

Referrer Karma does not protect trackbacks, nor does it protect comments. Its original intent was to keep your statistics and logs free of referrer spam. It only blocks certain referrers from visiting your site. As such, it will also block some spam bots. I would recommend Referrer Karma, as it has cut my spam from 80+ per day to 3 at most, but keep in mind that it does not protect comments and trackbacks directly.

Referrer Karma will actually help out with trackbacks. You can include RK on your trackback page, and any other PHP page that you want protected. If a computer is flagged by RK as a spammer then RK will block the IP for whatever time you have set up. This has nothing to do with what type of page is being accessed. It is just tracking behavior and making a decision based on that.

The blocking occurs in the .htaccess file so your whole site is protected for the time period, regardless of the spammer's entry point. It started out as a way to keep logs clean and is actually much more useful. Also check out this article by Tom Raftery.